Internal Documents and Personal Records Compromised in North Carolina State Government Breach

Media Division | April 4, 2017

State governments can hold highly personal and confidential information which needs to be protected.  Not only do they have data and systems that are crucial to running the state, but they also hold details in regard to citizens that can be used for a wide variety of malicious purposes in the wrong hands.  In reports released recently, it appears that North Carolina has suffered a large data breach.

A large amount of North Carolina government data held in a cloud repository was left in a vulnerable state, where it was exposed to the internet.  MacKeeper had discovered this last month and found that it had included data from North Carolina government offices, such as Dept of Health, Dept of Administration, Dept of Public Safety, Office of State Budget and Management. NC IT Department, and a few others.  The researcher at MacKeeper had then notified NC of the discovery as well.

Conflicting Views

Apparently, privileged documents labeled “for internal use only” (FOUO) had been exposed in the breach.  Though, according to a spokesperson for the Department of Information Technology (DIT), this was not the case.  A review from DIT had concluded that the documents did not contain privileged information, and were reviewed before being published on the site.  They also said that the FOUO mark was incorrect, and it was publicly viewable information.

According to the researcher that had discovered the breach, the state had quickly disabled access to the database after being notified of it, but there were some documents that were still left cached online.  While it is good that North Carolina took steps to handle the immediate access, the fact that they have not further addressed the issue is concerning. Though, this may be due to the fact that their review seemed to display that there was nothing to be worried about in regard to the documents.

Data breaches like this can often be quite ridiculous, simply due to the fact that they are easily avoided.  Proper security applied to the cloud repository in the first place could have prevented the entire issue.  Whether these documents ended up being of major concern or not is, of course, a factor, but proper security should have been applied nonetheless.  Lackadaisical security approaches toward cloud storage and other databases in our modern age can actually be quite dangerous, being that truly sensitive information could be contained on them.

Additional North Carolina Data Breach

While not cyber-related, there was another data breach from North Carolina that was also reported.  In this incident, boxes of DMV records containing sensitive information spanning about 6 months had been incorrectly disposed of.  The documents were supposed to be shredded, but they had been labeled as regular trash and disposed of as such.  Forms in the boxes included driver history and voter registration which can contain sensitive personal information such as social security numbers.

Applying Appropriate Data Breach Solutions

Cyber attacks can be one of the most common threats to an organization in our modern age of technology, and resulting data breaches can be the downfall of organizations in certain cases.  This is why it is so critical that an organization have not only proper cyber security in place but as well as comprehensive data breach solutions in the event that they are compromised.  There are many steps that need to be taken in the event of a data breach, including reparative and mitigative actions.  Massive Alliance offers thorough data breach solutions to get an organization back on track.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.